Getting DNS record types

Getting DNS record types
Linux host command can help you find the IP address of a web URL

Using the Linux host Command

DNS is like a telephone book of the Internet. DNS or Domain Name Servers help you translate the web URL to their underlying IP addresses.

For humans, it is easy to remember www.google.co.uk as compared to numbers such as 172.217.23.3 which is the IP address of www.google.co.uk.


So this means that when you type www.google.co.uk in your Internet Browser such as IE, Chrome or Firefox, the ISP looks up the DNS server to find the IP address and redirects you to where www.google.co.uk actully lives.

host is a command line linux utility for performing DNS lookups. It can be used to convert names to IP addresses to domain names and vice versa. You can get its command line arguments by typing host in the terminal. Here are the options you could use with the host command:

typing host in the terminal lists the command options

You can specify a domain name that you want to pull information from. You can also specify an IPv4 address or an IPv6 address (colon delimited). It will perform a reverse lookup for that IP address. Here is how my website information is fetched by the simple host command: host fahadusman.com:

fahadusman.com has address 209.235.144.9
fahadusman.com mail is handled by 1 fahadusman-com.mail.protection.outlook.com.

Other examples of using host commands

Finding Nameservers: A nameserver maintains a directory of domain names that match certain IP addresses. In other words, it’s where the DNS server records for your domain are stored, allowing you to decide which hosting providers controls your webspace and email.

host -t ns fahadusman.com
fahadusman.com name server buck.ns.cloudflare.com.
fahadusman.com name server tina.ns.cloudflare.com.

-t specifies the type of record. ns means nameserver and then the domain name.

Find IPv4/6 address: if you want to look for IPv4 or IPv6 address you can:

host -4 fahadusman.com
fahadusman.com has address 209.235.144.9
fahadusman.com mail is handled by 1 fahadusman-com.mail.protection.outlook.com.

host -6 google.co.uk
google.co.uk has address 142.250.180.3
google.co.uk has IPv6 address 2a00:1450:4009:81e::2003
google.co.uk mail is handled by 0 smtp.google.com.

Find MX records, a mail server responsible for accepting email messages on behalf of a recipient’s domain, and a preference value used to prioritize mail delivery if multiple mail servers are available.

host -t mx fahadusman.com
fahadusman.com mail is handled by 1 fahadusman-com.mail.protection.outlook.com.

host -t mx target.com
target.com mail is handled by 5 smtp02.target.com.
target.com mail is handled by 5 smtp01.target.com.

FTP and SSH address: some times targets do have ftp or ssh addresses as well. you can enumerate by:

host -t a ssh.target.com
ssh.target.com has address 92.242.132.15

Find SOA (Start of Authority) records: Every domain must have a Start of Authority record at the cutover point where the domain is delegated from its parent domain. For example if the domain mycompany.com is delegated to DNSimple name servers, we must include an SOA record for the name mycompany.com in our authoritative DNS records. We add this record automatically for every domain that is added to DNSimple.

host -t soa target.com
target.com has SOA record tezttsdcx01p.extdns.target.com. hostmaster.target.com. 2005139024 28800 3600 604800 3600

The SOA record includes the following details:

  • The primary name server for the domain, which is tezttsdcx01p.extdns.target.com or the first name server in the vanity name server list for vanity name servers.
  • The responsible party for the domain, which is hostmaster.target.com.
  • A timestamp that changes whenever you update your domain. 2005139024
  • The number of seconds before the zone should be refreshed. 3600
  • The number of seconds before a failed refresh should be retried. 28800
  • The upper limit in seconds before a zone is considered no longer authoritative. i.e. expiry = 604800
  • The negative result TTL (for example, how long a resolver should consider a negative result for a subdomain to be valid before retrying). 3600

Get txt records by:

host -t txt google.com
google.com descriptive text "apple-domain-verification=30afIBcvSuDV2PLX"
google.com descriptive text "google-site-verification=TV9-DBe4R80X4v0M4U_bd_J9cpOJM0nikft0jAgjmsQ"
google.com descriptive text "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"
google.com descriptive text "MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB"
google.com descriptive text "globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8="
google.com descriptive text "google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o"
google.com descriptive text "docusign=1b0a6754-49b1-4db5-8540-d2c12664b289"
google.com descriptive text "v=spf1 include:_spf.google.com ~all"
google.com descriptive text "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"